Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ acl(4) — IRIX 6.5.3f

Media Vault

Software Library

Restoration Projects

Artifacts Sought



acl(4)                                                                  acl(4)



NAME
     acl - Access Control Lists

SYNOPSIS
     #include <sys/acl.h>

DESCRIPTION
     Access Control Lists (ACLs) are supported on XFS file systems only.

     ACLs provide a mechanism for finer grained access control than the
     traditional UNIX discretionary access control mechanism.  An ACL is a
     list of users and/or groups and their access rights, which is associated
     with a file or directory.  ACLs are optional.  In addition to the ACL
     used to mediate access, a directory may have a second ACL which defines
     the default initial ACL for files created in that directory.  Files have
     only the single access control ACL.

     At the interface to the library routines, ACLs are represented in a
     struct acl which is defined in <sys/acl.h>.

              #define ACL_MAX_ENTRIES 25

              typedef ushort  acl_perm_t;
              typedef int     acl_type_t;
              typedef int     acl_tag_t;

              struct acl_entry {
                   acl_tag_t       ae_tag;
                   uid_t           ae_id;
                   acl_perm_t      ae_perm;
              };
              typedef struct acl_entry * acl_entry_t;

              struct acl {
                   int                     acl_cnt;
                   struct acl_entry        acl_entry[ACL_MAX_ENTRIES];
              };


     This is a fixed size structure with a variable number of active struct
     acl_entry entries.  The maximum number of entries is ACL_MAX_ENTRIES
     which is currently defined to be 25.  The number of active entries is
     indicated in acl_cnt.

     A struct acl_entry consists of three fields, ae_tag, which identifies the
     type of the entry, and is one of the following values (all other values
     are invalid):

     ACL_USER_OBJ (0x01)
                    access permissions for the file's owner.





                                                                        Page 1





acl(4)                                                                  acl(4)



     ACL_USER (0x02)
                    access permissions for a user other than the owner.

     ACL_GROUP_OBJ (0x04)
                    access permissions for users with the same group as the
                    file's group

     ACL_GROUP (0x08)
                    access permissions for other groups

     ACL_MASK (0x10)
                    mask entry

     ACL_OTHER_OBJ (0x20)
                    other entry.

                    The ae_id field of struct acl_entry specifies the UID or
                    GID for the entry.  The ae_perm field specifies the
                    permissions using the following defined values:

     ACL_READ (0x04)
                    read access permitted

     ACL_WRITE (0x02)
                    write access permitted

     ACL_EXECUTE (0x01)
                    execute (search for directories) access permitted

     As with the basic permissions for a file, these may be or'ed together.

     Two types of ACLs are defined. ACL_TYPE_ACCESS (0) indicates that the ACL
     is to be used in making access control decisions for the file or
     directory with which it is associated.  ACL_TYPE_DEFAULT (1) indicates
     that the ACL is a default ACL.  Default ACLs are associated only with
     directories, and supply the initial ACL for a file created in that
     directory.  These types are supplied in the acl_get_file(3c) and
     acl_set_file(3c) calls.

EXTERNAL REPRESENTATION
     ACLs are represented in a standard format for human readable input /
     output.  Each ACL entry is specified as three colon separated fields.
     ACL entries are separated by white space or new lines. Everything after a
     "#" character is considered a comment and is ignored to the end of the
     line.  The first field of an ACL entry is the entry type, which can be
     one of the following:  "user", "group", "other", "mask", "u", "g", "o",
     "m".

     The second field is a user name, numeric UID, group name, or numeric GID,
     depending on the value of the first field.  (acl_from_text(3c) supports
     only the strings, not the numeric UID/GID values.)  If the second field
     is empty, it implies that the ACL entry is for the owning user or group



                                                                        Page 2





acl(4)                                                                  acl(4)



     of the file.  Mask and other entries must have an empty second field.
     The third field is the discretionary access permissions for this ACL
     entry.  This may be represented in two forms.  The first is the string
     "rwx" where each letter may be replaced by a "-" indicating no access of
     that type.  The parsing of this string by acl_from_text(3c) requires that
     it be exactly as shown and not be reordered, e.g. rxw is not valid.

     Some programs allow a second form, the relative symbolic form (used for
     input).  The relative symbolic form is preceded by a ``+'' to indicate
     additional access or a ``^'' to indicate that access is to be removed,
     similarly to the inputs to the chmod(1) command.  The relative symbolic
     string is at least one character.  The symbolic string contains at most
     one each of the following characters in any order: "r", "w", and "x".










































                                                                        Page 3



Typewritten Software • bear@typewritten.org • Edmonds, WA 98026